Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit efe0fa21 authored by Austin Borger's avatar Austin Borger Committed by Kevin F. Haggerty
Browse files

Fix vulnerability in AttributionSource due to incorrect Binder call 

AttributionSource uses Binder.getCallingUid to verify the UID of the
caller from another process. However, getCallingUid does not always
behave as expected. If the AttributionSource is unparceled outside a
transaction thread, which is quite possible, getCallingUid will return
the UID of the current process instead. If this is a system process,
the UID check gets bypassed entirely, meaning any uid can be provided.

This patch fixes the vulnerability by enforcing that the AttributionSource
be unparceled in a transaction only. If it is not, a SecurityException
will be thrown.

Bug: 267231571
Test: Smoke test on cuttlefish.
Test: v2/android-virtual-infra/test_mapping/presubmit-avd
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:694ba52858703c3959e6811edb9b3df32aeca702)
Merged-In: Iee28c3901ee1041e00dca444c37c90d619e19b26
Change-Id: Iee28c3901ee1041e00dca444c37c90d619e19b26
parent 944a680c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment